A group of Iran-linked hackers claimed Friday that they had breached a personal email account of FBI Director Kash Patel and published older photos, a resume, and documents online.
The group, known as Handala Hack Team, posted files bearing its logo. A U.S. Justice Department (DOJ) official told Reuters the material “appears authentic.” The email address cited by the hackers matches one previously associated with Patel. The exposed emails date from 2010 to 2019.
Handala, which describes itself as a pro-Palestinian hacking collective, has been active since at least 2023. U.S. authorities link the persona to Iran’s Ministry of Intelligence and Security and say the group has claimed cyberattacks against U.S. companies and Israeli-linked targets.
The department said it seized four domains used by the Ministry of Intelligence of the Islamic Republic of Iran to conduct “cyber-enabled psychological operations” and transnational repression, including sites tied to the Handala persona.
According to the DOJ, the domains were used to claim hacking activity, post stolen data, and issue threats against journalists and dissidents.
Investigators said the network used a consistent operational “playbook” involving destructive cyberattacks and “faketivist” campaigns designed to intimidate targets.
“The Iranian regime exploits cyberspace to advance authoritarian objectives, suppress democratic institutions, and undermine our national and economic security,” said FBI Baltimore Special Agent in Charge Jimmy Paul. He said last week that the FBI will act swiftly “to ensure those responsible are identified, apprehended, and held accountable.”
According to DOJ filings, Handala also hacked data from multiple targets in March, including a March 11 malware attack on a U.S.-based medical technology company. The group also posted names and addresses of roughly 190 people linked to the Israeli government and military.
The DOJ said that the FBI found the group used Handala_Team@outlook[.]com to send death threats to Iranian dissidents and journalists in the United States and abroad, while also claiming earlier this month to be working with Mexico’s CJNG cartel and offering a $250,000 bounty.
DOJ officials said that such activity can include ransomware, unauthorized access to protected systems, and malware that damages government, financial, or commercial networks.
Reuters contributed to this report.
